Man Yue Mo: Gaining kernel code execution on an MTE-enabled Pixel 8
Date:
Tue, 19 Mar 2024 13:39:04 +0000
Description:
Man Yue Mo explains
how to compromise a Pixel8 phone even when the Arm memory-tagging extension
is in use, by taking
advantage of the Mali GPU. So, by using the GPU to access physical addresses directly, I'm
able to completely bypass the protection that MTE
offers. Ultimately, there is no memory safe code in the code that
manages memory accesses. At some point, physical addresses will
have to be used directly to access memory.
======================================================================
Link to news story:
https://lwn.net/Articles/965926/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)